Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 
Listing of Claims: 

1. (currently amended) A method of single sign-on user access to multiple web
servers, comprising: 

authenticating a user at a first web server; 

detecting a client request at said first web server, said first web server 
determining a second web server related to the request and in response thereto 
creating an encrypted authentication token related to the user and redirecting a web 
browser of the user to the second web server; 

transmitting an the encrypted authentication token from the first web server to 
a the second web server via the user's web browser, wherein the authentication token
comprises an expiration time and is digitally signed by the first web server; 

authenticating the authentication token at the second web server; and 

allowing the user to conduct a session at the second web server. 

2. (original) The method of claim 1 wherein the first web server and the second 
web server share a sub-domain. 

3. (original) The method of claim 2 further comprising examining the expiration 
time of the authentication token at the second web server and allowing the user to 
conduct a session at the second web server only if the expiration time has not passed. 

4. (original) The method of claim 3 wherein the authentication token comprises 
a cookie. 

5. (original) The method of claim 4 wherein transmitting the encrypted
authentication token from the first web server to the second web server comprises 
transmitting the encrypted authentication token from the first web server to the user, 
and then from the user to the second web server. 

6. (original) The method of claim 5 wherein authenticating the user at the first 
web server comprises receiving a user name and password. 

7. (original) The method of claim 6 wherein transmitting the encrypted 
authentication token from the first web server to a second web server comprises 
transmitting the authentication token from the first web server to a computer of the 
user; and transmitting the authentication token from the computer of the user to the 
second web server. 

8. (original) The method of claim 7 wherein the first web server and the second 
web server comprise a federation of web servers. 

9. (original) The method of claim 8 wherein authenticating the authentication 
token at the second web server comprises examining the cookie. 

10. (original) The method of claim 9 further comprising URL encoding the 
authentication token. 

11. (original) The method of claim 10 further comprising URL decoding the
authentication token at the second web server.

12. (original) The method of claim 11 further comprising providing a web page to
the user having a service selector. 

13. (original) The method of claim 12 wherein the service selector comprises a 
hyperlink. 

14. (original) The method of claim 13 wherein the hyperlink comprises a URL for
the second web server. 

15. (currently amended) A The method for single sign on user access to a
federation of web servers of claim 7, further comprising:

allowing a user at a computing device to access a first web server in the
federation of web servers via a web browser of the computing device;

authenticating the user with user-provided authentication information,
including at least a user identification, by the first web server;

prompting the user for selection of a functionality offered via at least a second
web server;

receiving a selection by the user of the functionality offered via the second
web server;

creating an authentication token for the user including at least the user
identification and with a pre-defined token expiry by the first web server;

digitally signing the authentication token by the first web server;

qualifying the domain attribute of the authentication token with the shared
sub-domain name by the first web server;

sending the digitally signed authentication token to the web browser of the
computing device by the first web server; and

redirecting the web browser to the second web server by the first web server;

sending the authentication token to the second web server by the web browser;

decrypting the authentication token by the second web server;

checking the pre-defined expiry of the authentication token by the second web
server; and

allowing the user to conduct a session with the second web server if within the
pre-defined token expiry.

16. (original) The method of claim 15 further comprising allowing the user to 
conduct a session with the first web server. 

17. (original) The method of claim 16 wherein the second web server shares a
sub-domain with the first web server.

18. (currently amended) The method of claim 17 wherein digitally signing the
authentication token by the first web server further comprising digitally signing the
authentication token using public key encryption.

19. (original) The method of claim 18 further comprising confirming a match 
with the digital signature. 

20-24. (canceled) 

25. (currently amended) A system for single sign-on user access to multiple web 
servers, comprising: 

a means for authenticating a user at a first web server; 

means for detecting a client request at said first web server, for determining a 
second web server related to the request and in response thereto creating an encrypted 
authentication token related to the user and for redirecting a web browser of the user 
to the second web server by said first web server; 

a means for transmitting an the encrypted authentication token from the first 
web server to a the second web server via the user's web browser, wherein the
authentication token comprises an expiration time and is digitally signed by the first
web server; 

a means for authenticating the authentication token at the second web server; 

and 

a means for allowing the user to conduct a session at the second web server. 

26. (original) The system of claim 25 wherein the first web server and the second 
web server share a sub-domain. 

27. (original) The system of claim 26 further comprising a means for examining 
the expiration time of the authentication token at the second web server. 

28. (original) The system of claim 27 wherein the authentication token comprises 
a cookie. 

29. (original) The system of claim 28 wherein the means for transmitting the 
encrypted authentication token from the first web server to the second web server 
comprises means for transmitting the encrypted authentication token from the first 
web server to the user, and then from the user to the second web server. 

30. (original) The system of claim 29 wherein the means for authenticating the 
user at the first web server comprises means for receiving a user name and password. 

31. (original) The system of claim 30 wherein the means for transmitting the
encrypted authentication token from the first web server to a second web server 
comprises means for transmitting the authentication token from the first web server to 
a computer of the user and means for transmitting the authentication token from the 
computer of the user to the second web server. 

32. (original) The system of claim 31 wherein the first web server and the second
web server comprise a federation of web servers. 

33. (original) The system of claim 32 wherein the means for authenticating the
authentication token at the second web server comprises means for examining the 
cookie. 

34. (original) The system of claim 33 further comprising a means for URL 
encoding the authentication token. 

35. (original) The system of claim 34 further comprising a means for URL 
decoding the authentication token at the second web server. 

36. (original) The system of claim 35 further comprising a means for providing a 
web page to the user having a service selector. 

37. (original) The system of claim 36 wherein the service selector comprises a 
hyperlink. 

38. (original) The system of claim 37 wherein the hyperlink comprises a URL for 
the second web server. 

39. (currently amended) A The system for single sign on user access to a
federation of web servers of claim 25, further comprising:

a means for allowing a user at a computing device to access a first web server
in the federation of web servers via a web browser of the computing device;

a means for authenticating the user with user-provided authentication
information, including at least a user identification, by the first web server;

a means for prompting the user for selection of a functionality offered via at
least a second web server;

a means for receiving a selection by the user of the functionality offered via
the second web server;

a means for creating an authentication token for the user including at least the
user identification and with a pre-defined token expiry by the first web server;

a means for digitally signing the authentication token by the first web server;

a means for qualifying the domain attribute of the authentication token with
the shared sub-domain name by the first web server;

a means for sending the digitally signed authentication token to the web
browser of the computing device by the first web server; and

a means for redirecting the web browser to the second web server by the first
web server;

a means for sending the authentication token to the second web server by the
web browser;

a means for decrypting the authentication token by the second web server;

a means for checking the pre-defined expiry of the authentication token by the
second web server; and

a means for allowing the user to conduct a session with the second web server
if within the pre-defined token expiry.

40. (original) The system of claim 39 further comprising a means for allowing the 
user to conduct a session with the first web server. 

41. (original) The system of claim 40 wherein the second web server shares a sub-
domain with the first web server. 

42. (currently amended) The system of claim 41 wherein the means for digitally
signing the authentication token by the first web server further comprising means for
digitally signing the authentication token using public key encryption.

43. (original) The system of claim 42 further comprising a means for confirming
a match with the digital signature. 

44-48. (canceled) 
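
The token flow recited in claims 1, 3, 10, 11, 15 and 18 (sign, encrypt, URL encode, pass through the browser as a domain-scoped cookie, then URL decode, decrypt, confirm the signature and check expiry), sketched as an added example that is not part of the filing. Ed25519, AES-256-GCM under a key shared inside the federation, the JSON token body, the cookie name sso_token and the domain .example.com are assumptions; the claims do not specify them.

```javascript
const nodeCrypto = require('crypto');

// Assumptions (not from the claims): Ed25519 signature, AES-256-GCM with a key
// shared inside the federation, JSON token body. All key material is constructed.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const federationKey = nodeCrypto.randomBytes(32);
const SHARED_DOMAIN = '.example.com'; // placeholder for the shared sub-domain

// First web server: create the token, sign it, encrypt it, URL-encode it.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const body = Buffer.from(JSON.stringify({ uid: userId, exp: now + ttlSeconds * 1000 }));
  const sig = nodeCrypto.sign(null, body, privateKey); // 64-byte Ed25519 signature
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', federationKey, iv);
  const ct = Buffer.concat([cipher.update(Buffer.concat([sig, body])), cipher.final()]);
  const raw = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  return encodeURIComponent(raw);
}

// Cookie whose Domain attribute is the shared sub-domain, so the browser
// presents it to the second web server after the redirect.
function tokenCookie(token) {
  return `sso_token=${token}; Domain=${SHARED_DOMAIN}; Path=/; Secure; HttpOnly`;
}

// Second web server: URL-decode, decrypt, confirm the signature, check expiry.
function acceptToken(token, now = Date.now()) {
  try {
    const raw = Buffer.from(decodeURIComponent(token), 'base64');
    if (raw.length < 12 + 16 + 64) return { ok: false, reason: 'malformed' };
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', federationKey, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const sig = plain.subarray(0, 64);
    const body = plain.subarray(64);
    if (!nodeCrypto.verify(null, body, publicKey, sig)) return { ok: false, reason: 'bad signature' };
    const claims = JSON.parse(body.toString());
    if (typeof claims.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
    return { ok: true, uid: claims.uid };
  } catch {
    return { ok: false, reason: 'malformed' }; // URL-decode, decryption or JSON failure
  }
}
```

The second server rejects the token before reading any field if decryption or the signature check fails, and only then compares the expiry against its own clock.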